Backend Development
Python Tutorial
How to implement user authentication and authorization in FastAPI
How to implement user authentication and authorization in FastAPI
How to implement user authentication and authorization in FastAPI
FastAPI is a high-performance web framework based on Python that provides many powerful features such as asynchronous support, automatic document generation and type hints. In modern web applications, user authentication and authorization are very important functions that can protect the security of the application. In this article, we will explore how to implement user authentication and authorization in FastAPI.
- Install the required libraries
Before we begin, we must first install the required libraries. In FastAPI, the PyJWT library is typically used to handle JSON Web Tokens, and the Passlib library is used for password hashing and verification. We can install these libraries using the following command:
pip install fastapi pyjwt passlib
- Create User Model
Before we start implementing authentication and authorization, we need to define a user model. User models usually contain fields such as username and password. The following is the definition of a sample user model:
from pydantic import BaseModel
class User(BaseModel):
username: str
password: str- Implementing the user registration and login interface
Next, we need to implement the user registration and login interface. In the registration interface, we will obtain the username and password, hash the password and save it to the database. In the login interface we will verify that the username and password provided by the user match those in the database. The following is an example implementation:
from fastapi import FastAPI
from passlib.hash import bcrypt
app = FastAPI()
DATABASE = []
@app.post("/register")
def register_user(user: User):
# Hash password
hashed_password = bcrypt.hash(user.password)
# Save user to database
DATABASE.append({"username": user.username, "password": hashed_password})
return {"message": "User registered successfully"}
@app.post("/login")
def login_user(user: User):
# Find user in database
for data in DATABASE:
if data["username"] == user.username:
# Check password
if bcrypt.verify(user.password, data["password"]):
return {"message": "User logged in successfully"}
return {"message": "Invalid username or password"}- Implementing authentication and authorization middleware
Now that we have implemented the user registration and login interface, next we need to implement the identity Authentication and authorization middleware. This will ensure that users can only access protected routes if a valid token is provided.
The following is an example implementation of authentication and authorization middleware:
from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from passlib.hash import bcrypt
from jose import jwt, JWTError
app = FastAPI()
SECRET_KEY = "your-secret-key"
security = HTTPBearer()
@app.post("/register")
def register_user(user: User):
# ...
@app.post("/login")
def login_user(user: User):
# ...
def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security)):
try:
token = credentials.credentials
payload = jwt.decode(token, SECRET_KEY, algorithms=["HS256"])
user = payload.get("username")
return user
except JWTError:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token",
headers={"WWW-Authenticate": "Bearer"},
)
@app.get("/protected")
def protected_route(current_user: str = Depends(get_current_user)):
return {"message": f"Hello, {current_user}"}- Generate and verify tokens
Finally, we need to implement a method to generate tokens. A token is a security credential used for authentication and authorization. After the user successfully logs in, we can use this method to generate a token and return it to the client.
The following is an implementation of a sample method to generate and verify tokens:
from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from passlib.hash import bcrypt
from jose import jwt, JWTError, ExpiredSignatureError
from datetime import datetime, timedelta
app = FastAPI()
SECRET_KEY = "your-secret-key"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
security = HTTPBearer()
@app.post("/register")
def register_user(user: User):
# ...
@app.post("/login")
def login_user(user: User):
# ...
def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security)):
try:
token = credentials.credentials
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
user = payload.get("username")
return user
except JWTError:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token",
headers={"WWW-Authenticate": "Bearer"},
)
def create_access_token(username: str):
expires = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
payload = {"username": username, "exp": expires}
token = jwt.encode(payload, SECRET_KEY, algorithm=ALGORITHM)
return token
@app.get("/protected")
def protected_route(current_user: str = Depends(get_current_user)):
return {"message": f"Hello, {current_user}"}
@app.post("/token")
def get_access_token(user: User):
# Check username and password
for data in DATABASE:
if data["username"] == user.username:
if bcrypt.verify(user.password, data["password"]):
# Generate access token
access_token = create_access_token(user.username)
return {"access_token": access_token}
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid username or password",
headers={"WWW-Authenticate": "Bearer"},
)In summary, we have learned how to implement user authentication and authorization in FastAPI. By using the PyJWT library and Passlib library, we are able to securely handle user credentials and protect the security of our application. These sample codes serve as a starting point that you can further customize and extend to suit your needs. Hope this article helps you!
The above is the detailed content of How to implement user authentication and authorization in FastAPI. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1666
14
1426
52
1328
25
1273
29
1253
24
Python: Games, GUIs, and More
Apr 13, 2025 am 12:14 AM
Python excels in gaming and GUI development. 1) Game development uses Pygame, providing drawing, audio and other functions, which are suitable for creating 2D games. 2) GUI development can choose Tkinter or PyQt. Tkinter is simple and easy to use, PyQt has rich functions and is suitable for professional development.
Python vs. C : Learning Curves and Ease of Use
Apr 19, 2025 am 12:20 AM
Python is easier to learn and use, while C is more powerful but complex. 1. Python syntax is concise and suitable for beginners. Dynamic typing and automatic memory management make it easy to use, but may cause runtime errors. 2.C provides low-level control and advanced features, suitable for high-performance applications, but has a high learning threshold and requires manual memory and type safety management.
Python and Time: Making the Most of Your Study Time
Apr 14, 2025 am 12:02 AM
To maximize the efficiency of learning Python in a limited time, you can use Python's datetime, time, and schedule modules. 1. The datetime module is used to record and plan learning time. 2. The time module helps to set study and rest time. 3. The schedule module automatically arranges weekly learning tasks.
Python vs. C : Exploring Performance and Efficiency
Apr 18, 2025 am 12:20 AM
Python is better than C in development efficiency, but C is higher in execution performance. 1. Python's concise syntax and rich libraries improve development efficiency. 2.C's compilation-type characteristics and hardware control improve execution performance. When making a choice, you need to weigh the development speed and execution efficiency based on project needs.
Which is part of the Python standard library: lists or arrays?
Apr 27, 2025 am 12:03 AM
Pythonlistsarepartofthestandardlibrary,whilearraysarenot.Listsarebuilt-in,versatile,andusedforstoringcollections,whereasarraysareprovidedbythearraymoduleandlesscommonlyusedduetolimitedfunctionality.
Python: Automation, Scripting, and Task Management
Apr 16, 2025 am 12:14 AM
Python excels in automation, scripting, and task management. 1) Automation: File backup is realized through standard libraries such as os and shutil. 2) Script writing: Use the psutil library to monitor system resources. 3) Task management: Use the schedule library to schedule tasks. Python's ease of use and rich library support makes it the preferred tool in these areas.
Learning Python: Is 2 Hours of Daily Study Sufficient?
Apr 18, 2025 am 12:22 AM
Is it enough to learn Python for two hours a day? It depends on your goals and learning methods. 1) Develop a clear learning plan, 2) Select appropriate learning resources and methods, 3) Practice and review and consolidate hands-on practice and review and consolidate, and you can gradually master the basic knowledge and advanced functions of Python during this period.
Python vs. C : Understanding the Key Differences
Apr 21, 2025 am 12:18 AM
Python and C each have their own advantages, and the choice should be based on project requirements. 1) Python is suitable for rapid development and data processing due to its concise syntax and dynamic typing. 2)C is suitable for high performance and system programming due to its static typing and manual memory management.
